What is a quick way I can add simple authentication to a few ASP.NET MVC routes, without implementing the whole Membership provider jazz?
I've created a demo website for my boss and one of the requirements is I need to add some simple authentication to his 3 admin views/routes.
What is the simplest, quickest way I can do this without implementing a whole membership provider? I honestly don't even care if the user/pass is hardcoded on the server side, I just need it so they can't access those 3 views without having authenticated in some way.
I would go this route.
Add this to your web.config (could omit the SHA1 and use a plain text password if you want):
    <authentication mode="Forms">
      <forms loginUrl="~/admin" timeout="2880">
        <credentials passwordFormat="SHA1">
          <user name="admin" password="4f3fc98f8d95160377022c5011d781b9188c7d46"/>
        </credentials>
      </forms>
    </authentication>
Create a simple view for username and password and in the action method that receives the username and password go with this...
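    // Requires: using System.Web.Mvc; using System.Web.Security;
    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult LogOn(string username, string password)
    {
        // Checks the pair against the <credentials> node in web.config.
        if (FormsAuthentication.Authenticate(username, password))
        {
            // false = session cookie only (no "Remember Me").
            FormsAuthentication.SetAuthCookie(username, false);
            return RedirectToAction("Index", "Home");
        }
        else
        {
            ViewData["LastLoginFailed"] = true;
            return View();
        }
    }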
FormsAuthentication.Authenticate() automatically checks the username and password against the credentials node we created earlier. If it matches it creates your auth cookie with a "Remember Me" value of false and redirects you to the index view of your home controller. If it doesn't match it returns to the login page with ViewData["LastLoginFailed"] set to true so you can handle that in your view.
PS - Now that you have an easy way of authorizing don't forget to put the [Authorize] filter over the actions or controllers you want to protect.
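An added example, not part of the answer above: the same login action together with the `[Authorize]` placement the PS mentions, plus an anti-forgery check and a local-only redirect. It assumes ASP.NET MVC 3 or later (for `Url.IsLocalUrl`), hypothetical controller and action names, and a `loginUrl` of `~/Account/LogOn` rather than a route that is itself protected.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller: the three admin views, all behind the auth cookie.
[Authorize]
public class AdminController : Controller
{
    public ActionResult Index()    { return View(); }
    public ActionResult Users()    { return View(); }
    public ActionResult Settings() { return View(); }
}

// Hypothetical login controller. It must NOT carry [Authorize], and
// <forms loginUrl="~/Account/LogOn"> must point here; a loginUrl that is
// itself protected sends unauthenticated users into a redirect loop.
public class AccountController : Controller
{
    [HttpGet]
    public ActionResult LogOn() { return View(); }

    [HttpPost]
    [ValidateAntiForgeryToken] // the login form must emit Html.AntiForgeryToken()
    public ActionResult LogOn(string username, string password, string returnUrl)
    {
        if (!FormsAuthentication.Authenticate(username, password))
        {
            ViewData["LastLoginFailed"] = true;
            return View();
        }

        FormsAuthentication.SetAuthCookie(username, false);

        // Forms authentication appends ?ReturnUrl=... when it redirects to the
        // login page; it binds here if the form posts back to that same URL.
        // Follow it only when it stays on this site.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Admin");
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut(); // clears the forms-auth cookie
        return RedirectToAction("Index", "Home");
    }
}
```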
Easiest would be to select the menu [project] followed by [ASP.NET Configuration] in Visual Studio.
It'll set up a membership db for you. Then add a couple of roles and users in the configuration manager that pops up.
That's it! Then simply decorate your actions/controllers with [Authorize] and check for some rights based on the user name. <= hard coded for the demo